In the Bitcoin consensus network, all nodes come to agreement on the set of Unspent Transaction Outputs (The “UTXO” set). The size of this shared state is a scalability constraint for the network, as the size of the set expands as more users join the system, increasing resource requirements of all nodes. Decoupling the network’s state size from the storage requirements of individual machines would reduce hardware requirements of validating nodes. We introduce a hash based accumulator to locally represent the UTXO set, which is logarithmic in the size of the full set. Nodes attach and propagate inclusion proofs to the inputs of transactions, which along with the accumulator state, give all the information needed to validate a transaction. While the size of the inclusion proofs results in an increase in network traffic, these proofs can be discarded after verification, and aggregation methods can reduce their size to a manageable level of overhead. In our simulations of downloading Bitcoin’s blockchain up to early 2019 with 500MB of RAM allocated for caching, the proofs only add approximately 25% to the amount otherwise downloaded.
[1]
Dan Boneh,et al.
Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains
,
2019,
IACR Cryptol. ePrint Arch..
[2]
Josh Benaloh,et al.
One-Way Accumulators: A Decentralized Alternative to Digital Sinatures (Extended Abstract)
,
1994,
EUROCRYPT.
[3]
John Kelsey,et al.
Second Preimage Attacks on Dithered Hash Functions
,
2008,
EUROCRYPT.
[4]
Satoshi Nakamoto.
Bitcoin : A Peer-to-Peer Electronic Cash System
,
2009
.
[5]
Laszlo A. Belady,et al.
A Study of Replacement Algorithms for Virtual-Storage Computer
,
1966,
IBM Syst. J..
[6]
Leonid Reyzin,et al.
Efficient Asynchronous Accumulators for Distributed PKI
,
2016,
SCN.
[7]
Ralph C. Merkle,et al.
Protocols for Public Key Cryptosystems
,
1980,
1980 IEEE Symposium on Security and Privacy.